At a time when healthcare professionals, scientists, first responders and everyday people are performing heroic deeds to help us out of the COVID-19 crisis, it’s critical that we maintain our vigilance for bad actors seeking to do us harm in the cyber realm.
Cybercriminals and hackers are always on the prowl for vulnerabilities to exploit, and the COVID-19 outbreak is no exception. The pandemic may even have sparked more nefarious behavior during a time when we are preoccupied with social distancing, sheltering in place, layoffs and furloughs, vaccines, and quarantines. From “Zoom bombing” to social engineering attempts via email and phone, we’re all observing an increase in attacks.
A particularly heinous example of how attackers are spreading havoc came to light in a recent warning from the International Criminal Police Organization (INTERPOL). INTERPOL alerted authorities in its 194 member countries about an increase in the number of ransomware attacks targeting hospitals and other key organizations engaged in the virus response around the world.
Healthcare institutions have fallen prey to malicious software, or malware, that is often spread through phishing emails or by unknowingly visiting infected websites. Once the malware is unleashed, the organization is held hostage digitally, prevented from accessing vital files and systems until a ransom is paid.
According to media reports, a recent example occurred in mid-April when a medical center in Pueblo, Colo., was hit with a suspected ransomware assault that caused an outage affecting a number of the center’s IT systems, including its system for storing patient information. The hospital was forced to resort to using paper forms, a troubling slowdown in productivity at any time, let alone when dealing with an influx of patients due to the COVID-19 pandemic. Hospitals and healthcare providers worldwide are also experiencing an increase in volumetric Distributed Denial of Service (DDoS) and ransomware attacks. Many threat actors are blending DDoS and ransomware-based attacks.
Even before the pandemic, healthcare organizations were a prime target for ransomware attacks. A report from Corvus Insurance found that ransomware attacks on healthcare entities increased by 350 percent in Q4 2019 compared to Q4 2018.
Given the rising ransomware and blended threats, it is vital that hospitals, labs and medical centers re-examine their readiness to fend off cyberattacks. In fact, it is a practice that any organization, regardless of industry, should do on a regular basis. Here are eight proactive steps and precautions that can reduce the chances that your company will become a ransomware victim:
- Improve company communications: A successful ransomware attack is usually a sign of improper employee communication and behavior. These issues are more pressing than the typical “an employee just clicked on the wrong URL” type of problem. In many cases, ransomware and blended threat problems are a symptom of larger issues.
- Endpoint backup: This is more effective than software patching, as zero-day attacks abound. Proper endpoint backup (that is not itself susceptible to ransomware attacks) can ensure that an organization recovers more quickly. While keeping software and patch levels current is always useful, backup is in many ways the most critical technical step, because many successful attacks rely on zero-day strategies, in which the attacker targets a vulnerability for which no patch yet exists and which therefore cannot be easily anticipated.
- End-user training: End users require constant help to communicate securely. “Fake phishing” campaigns are helpful, as are ways to encourage out-of-band confirmation on vital communications (e.g., wire transfers).
- Network segmentation: Proper use of Virtual LANs (VLANs) and network access control lists implemented on switches and routers helps deter the spread of a ransomware outbreak. It is effectively the equivalent of “social distancing.” I call it “service distancing.”
- Multifactor authentication: Two-factor authentication (2FA) is a major help in slowing ransomware attacks.
- Filtering ISP / Cloud service: This provides the ability to “black hole” or otherwise block ransomware traffic, either before or after an attack. It can block typical botnet command and control software.
- Scenario-based drills: Fire drills are a regular practice at almost every organization. But how often does your company practice reacting to a ransomware attack? Software companies provide drilling and modeling services that allow people to practice and engage in simulations.
- Set privacy measures and metrics: Ransomware often tries to extort victims by threatening the release of intellectual property or other sensitive information. It is important to discuss implementing unique measures to help protect data at rest through adequate encryption and authentication (e.g., 2FA).
CompTIA offers a wide range of free resources on cybersecurity best practices, professional certifications, research on the latest trends and training for both technical and non-technical staff. Here are just a few:
- What is a DDoS Attack? A Guide for Protection
- The Cybersecurity Skills Your Boss Wants You to Have to Counter DDoS Attacks
- Data Breach Response Planning Guide
- Security Awareness Training for Employees
- Cybersecurity for Digital Organizations
Additional cybersecurity resources are available at https://www.comptia.org/resources/cybersecurity.